Redirect to a static badge instead of returning status code 500

Redirector should return status code 500 when redirect URL is invalid
2019-10-27 18:38:21 +01:00 · 2019-10-27 18:35:14 +01:00 · 2019-10-24 19:11:02 +02:00
2 changed files with 22 additions and 3 deletions
--- a/core/base-service/redirector.js
+++ b/core/base-service/redirector.js
@@ -4,6 +4,7 @@ const camelcase = require('camelcase')
 const emojic = require('emojic')
 const Joi = require('@hapi/joi')
 const queryString = require('query-string')
+const log = require('../server/log')
 const BaseService = require('./base')
 const {
  serverHasBeenUpSinceResourceCached,
@@ -116,9 +117,14 @@ module.exports = function redirector(attrs) {
        }${targetPath}.${format}${urlSuffix}`
        trace.logTrace('outbound', emojic.shield, 'Redirect URL', redirectUrl)

-        ask.res.statusCode = 301
-        ask.res.setHeader('Location', redirectUrl)
-
+        try {
+          ask.res.statusCode = 301
+          ask.res.setHeader('Location', redirectUrl)
+        } catch (e) {
+          log.error(new Error(`An invalid URL in '${this.name}' redirector.`))
+          ask.res.statusCode = 302
+          ask.res.setHeader('Location', '/badge/badge-inaccessible-lightgray')
+        }
        // To avoid caching mistakes for a long time, and to make this simpler
        // to reason about, use the same cache semantics as the static badge.
        setCacheHeadersForStaticResource(ask.res)
--- a/core/base-service/redirector.spec.js
+++ b/core/base-service/redirector.spec.js
@@ -93,6 +93,19 @@ describe('Redirector', function() {
      expect(headers.location).to.equal('/new/service/hello-world.svg')
    })

+    // https://github.com/badges/shields/issues/4013
+    it('should temporarily redirect to a badge with message "inaccesible" when redirect URL is invalid (contains invalid characters)', async function() {
+      const { statusCode, headers } = await got(
+        `${baseUrl}/very/old/service/hello\nworld.svg`,
+        {
+          followRedirect: false,
+        }
+      )
+
+      expect(statusCode).to.equal(302)
+      expect(headers.location).to.equal('/badge/badge-inaccessible-lightgray')
+    })
+
    it('should redirect raster extensions to the canonical path as configured', async function() {
      const { statusCode, headers } = await got(
        `${baseUrl}/very/old/service/hello-world.png`,
Author	SHA1	Message	Date
Marcin Mielnicki	068d5606e9	Redirect to a static badge instead of returning status code 500	2019-10-27 18:38:21 +01:00
Marcin Mielnicki	824d6de448	Redirect to a static badge instead of returning status code 500	2019-10-27 18:35:14 +01:00
Marcin Mielnicki	5b15c01866	Redirector should return status code 500 when redirect URL is invalid	2019-10-24 19:11:02 +02:00